Example 26 with AccessForbiddenException

use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.

the class PlagiarismResource method getPlagiarismComparisonForSplitView.

/**
 * Retrieves the plagiarismComparison specified by its ID.
 * If a studentLogin is passed, the comparison is anonymized.
 *
 * @param courseId the id of the course
 * @param comparisonId the id of the PlagiarismComparison
 * @param studentLogin optional login of the student
 * @return the PlagiarismComparison
 * @throws AccessForbiddenException if the requesting user is not affected by the plagiarism case.
 */
@GetMapping("courses/{courseId}/plagiarism-comparisons/{comparisonId}/for-split-view")
@PreAuthorize("hasRole('USER')")
public ResponseEntity<PlagiarismComparison<?>> getPlagiarismComparisonForSplitView(@PathVariable("courseId") long courseId, @PathVariable("comparisonId") Long comparisonId, @RequestParam(value = "studentLogin", required = false) String studentLogin) {
    var comparisonA = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsAndElementsAElseThrow(comparisonId);
    var comparisonB = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsAndElementsBElseThrow(comparisonId);
    Course course = courseRepository.findByIdElseThrow(courseId);
    User user = userRepository.getUserWithGroupsAndAuthorities();
    if (!authenticationCheckService.isAtLeastStudentInCourse(course, user)) {
        throw new AccessForbiddenException("Only students registered for this course can access this plagiarism comparison.");
    }
    if (!Objects.equals(comparisonA.getPlagiarismResult().getExercise().getCourseViaExerciseGroupOrCourseMember().getId(), courseId)) {
        throw new BadRequestAlertException("The courseId does not belong to the given comparisonId", "PlagiarismComparison", "idMismatch");
    }
    comparisonA.setSubmissionB(comparisonB.getSubmissionB());
    if (studentLogin != null) {
        comparisonA = this.plagiarismService.anonymizeComparisonForStudent(comparisonA, studentLogin);
    }
    comparisonA.getSubmissionA().setPlagiarismComparison(null);
    comparisonB.getSubmissionB().setPlagiarismComparison(null);
    return ResponseEntity.ok(comparisonA);
}
Also used : BadRequestAlertException(de.tum.in.www1.artemis.web.rest.errors.BadRequestAlertException) User(de.tum.in.www1.artemis.domain.User) Course(de.tum.in.www1.artemis.domain.Course) AccessForbiddenException(de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 27 with AccessForbiddenException

use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.

the class RepositoryResource method getStatus.

/**
 * Get the "clean" status of the repository. Clean = No uncommitted changes.
 *
 * @param domainId that serves as an abstract identifier for retrieving the repository.
 * @return ResponseEntity with appropriate status (e.g. ok or forbidden).
 * @throws GitAPIException if the repository can't be checked out to retrieve the status.
 */
public ResponseEntity<RepositoryStatusDTO> getStatus(Long domainId) throws GitAPIException {
    log.debug("REST request to get clean status for Repository for domainId : {}", domainId);
    if (!canAccessRepository(domainId)) {
        throw new AccessForbiddenException();
    }
    RepositoryStatusDTO repositoryStatus = new RepositoryStatusDTO();
    VcsRepositoryUrl repositoryUrl = getRepositoryUrl(domainId);
    try {
        boolean isClean;
        // Retrieving the default branch is not necessary if the repository is already cached.
        if (gitService.isRepositoryCached(repositoryUrl)) {
            isClean = repositoryService.isClean(repositoryUrl);
        } else {
            String branch = getOrRetrieveBranchOfDomainObject(domainId);
            isClean = repositoryService.isClean(repositoryUrl, branch);
        }
        repositoryStatus.setRepositoryStatus(isClean ? RepositoryStatusDTOType.CLEAN : RepositoryStatusDTOType.UNCOMMITTED_CHANGES);
    } catch (CheckoutConflictException | WrongRepositoryStateException ex) {
        repositoryStatus.setRepositoryStatus(RepositoryStatusDTOType.CONFLICT);
    }
    return new ResponseEntity<>(repositoryStatus, HttpStatus.OK);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) RepositoryStatusDTO(de.tum.in.www1.artemis.web.rest.dto.RepositoryStatusDTO) WrongRepositoryStateException(org.eclipse.jgit.api.errors.WrongRepositoryStateException) CheckoutConflictException(org.eclipse.jgit.api.errors.CheckoutConflictException) AccessForbiddenException(de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException)

Example 28 with AccessForbiddenException

use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.

the class PlagiarismCaseResource method getPlagiarismCasesForCourseForInstructor.

/**
 * Retrieves all plagiarism cases related to a course for the instructor view.
 *
 * @param courseId the id of the course
 * @return all plagiarism cases of the course
 */
@GetMapping("courses/{courseId}/plagiarism-cases/for-instructor")
@PreAuthorize("hasRole('INSTRUCTOR')")
public ResponseEntity<List<PlagiarismCase>> getPlagiarismCasesForCourseForInstructor(@PathVariable long courseId) {
    log.debug("REST request to get all plagiarism cases for instructor in course with id: {}", courseId);
    Course course = courseRepository.findByIdElseThrow(courseId);
    if (!authenticationCheckService.isAtLeastInstructorInCourse(course, userRepository.getUserWithGroupsAndAuthorities())) {
        throw new AccessForbiddenException("Only instructors of this course have access to its plagiarism cases.");
    }
    var plagiarismCases = plagiarismCaseRepository.findByCourseIdWithPlagiarismSubmissionsAndComparison(courseId);
    return getPlagiarismCasesResponseEntity(plagiarismCases);
}
Also used : Course(de.tum.in.www1.artemis.domain.Course) AccessForbiddenException(de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 29 with AccessForbiddenException

use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.

the class StudentExamAccessService method checkStudentExamAccessElseThrow.

/**
 * Checks if the current user is allowed to see the requested student exam.
 *
 * @param courseId      the id of the course
 * @param examId        the id of the exam
 * @param studentExamId the id of the student exam
 * @param currentUser   the current user
 * @param isTestRun     flag to determine if this is a test run or not
 */
public void checkStudentExamAccessElseThrow(Long courseId, Long examId, Long studentExamId, User currentUser, boolean isTestRun) {
    checkCourseAndExamAccessElseThrow(courseId, examId, currentUser, isTestRun);
    // Check that the student exam exists
    StudentExam studentExam = studentExamRepository.findByIdElseThrow(studentExamId);
    // Check that the examId equals the id of the exam of the student exam
    if (!studentExam.getExam().getId().equals(examId)) {
        throw new ConflictException("The student exam does not belong to the exam", "StudentExam", "studentExamExamConflict");
    }
    // Check that the student of the required student exam (from the database) is the current user
    if (!studentExam.getUser().equals(currentUser)) {
        throw new AccessForbiddenException();
    }
}
Also used : ConflictException(de.tum.in.www1.artemis.web.rest.errors.ConflictException) StudentExam(de.tum.in.www1.artemis.domain.exam.StudentExam) AccessForbiddenException(de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException)

Example 30 with AccessForbiddenException

use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.

the class FileResource method getTemporaryFileAccessTokenForCourse.

/**
 * GET files/attachments/course/{courseId}/access-token : Generates an access token that is valid for 30 seconds for the given course
 *
 * @param courseId the course id the access token is for
 * @return The generated access token, 403 if the user has no access to the course
 */
@GetMapping("files/attachments/course/{courseId}/access-token")
@PreAuthorize("hasRole('USER')")
public ResponseEntity<String> getTemporaryFileAccessTokenForCourse(@PathVariable Long courseId) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    authCheckService.checkHasAtLeastRoleInCourseElseThrow(Role.STUDENT, courseRepository.findByIdElseThrow(courseId), null);
    try {
        String temporaryAccessToken = tokenProvider.createFileTokenForCourseWithCustomDuration(authentication, 30, courseId);
        return ResponseEntity.ok(temporaryAccessToken);
    } catch (IllegalAccessException e) {
        throw new AccessForbiddenException();
    }
}
Also used : Authentication(org.springframework.security.core.Authentication) AccessForbiddenException(de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Aggregations

AccessForbiddenException (de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException) 87
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize) 57
Course (de.tum.in.www1.artemis.domain.Course) 31
User (de.tum.in.www1.artemis.domain.User) 25
BadRequestAlertException (de.tum.in.www1.artemis.web.rest.errors.BadRequestAlertException) 21
StudentParticipation (de.tum.in.www1.artemis.domain.participation.StudentParticipation) 20
EntityNotFoundException (de.tum.in.www1.artemis.web.rest.errors.EntityNotFoundException) 12
ProgrammingExercise (de.tum.in.www1.artemis.domain.ProgrammingExercise) 10
Exam (de.tum.in.www1.artemis.domain.exam.Exam) 10
ResponseEntity (org.springframework.http.ResponseEntity) 10
StudentExam (de.tum.in.www1.artemis.domain.exam.StudentExam) 8
ProgrammingExerciseStudentParticipation (de.tum.in.www1.artemis.domain.participation.ProgrammingExerciseStudentParticipation) 8
ConflictException (de.tum.in.www1.artemis.web.rest.errors.ConflictException) 8
Exercise (de.tum.in.www1.artemis.domain.Exercise) 6
GradingScale (de.tum.in.www1.artemis.domain.GradingScale) 4
ExerciseGroup (de.tum.in.www1.artemis.domain.exam.ExerciseGroup) 4
CodeHint (de.tum.in.www1.artemis.domain.hestia.CodeHint) 4
ExerciseHint (de.tum.in.www1.artemis.domain.hestia.ExerciseHint) 4
Participation (de.tum.in.www1.artemis.domain.participation.Participation) 4
ProgrammingExerciseParticipation (de.tum.in.www1.artemis.domain.participation.ProgrammingExerciseParticipation) 4